f103172 ipasam: derive parent domain for subdomains automatically

1 file. Authored by abbra 3 years ago, committed by rcritten 3 years ago.
    ipasam: derive parent domain for subdomains automatically
    
    [MS-ADTS] 6.1.6.7.13 defines 'trustPartner' attribute as containing a
    FQDN of the trusted domain. In practice, for a subdomain of a forest, it
    would be FQDN of the subdomain itself in the trusted domain entry in the
    parent domain. This is reflected as ipaNTTrustPartner attribute in
    FreeIPA.
    
    Remove ipaNTTrustPartner from the searches that use NetBIOS name. We
    match cn of that entry already.
    
    Use RDN value of the entry to derive DNS domain name in case
    ipaNTTrustPartner is missing.
    
    For subdomains, set trust attributes to 0 and trust flags to mark them
    as being within the forest. This will trigger winbindd to not ask for
    credentials to reach those domain controllers directly.
    
    Fixes: https://pagure.io/freeipa/issue/8576
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    
        
file modified
+68 -10